On Jun 24, 2006, at 1:24 PM, Kenneth Porter wrote:

--On Saturday, June 24, 2006 1:01 PM +0900 alan premselaar <[EMAIL PROTECTED]> wrote:

You could deliver the primary's access database to the secondary
somehow (via scp/rsync, ftp, etc. like in every 5 minutes or so, or
just when your primary access database gets updated, e.g. when you add
a new mailbox) and merge both access files before building the
access.db. Thus the secondary MX will always have all the information
needed to reject mail coming to non-existing recipients for both of
your domains.

My paragraph above sort of explains why this won't work, since my access
file doesn't contain much. I'll look and see what it has, though, and
maybe I can do something with it.

Distributed access lists, while providing an independent means of
rejecting unknown users even if the primary MX is unavailable, are more
of an administrative burden.

Why not put the access list in DNS, which is also distributed? Dynamic updates allow multiple servers to maintain it, and local caching should keep it reasonably fast.

You mean like hesiod?

(imagine NIS implemented on top of DNS, and you've got hesiod)

That was certainly well adopted by the 'net at large.

Don't get me wrong, I think hesiod is _great_. But LDAP has pretty much taken over that niche, even at MIT (where hesiod came from, as part of project athena).

(and before anyone says "but DNS is even less secure than NIS!", you don't put any secure information in hesiod; so the password field of the passwd domain is "*" for all hesiod entries, and you use some other password store/authentication mechanism for users not in /etc/passwd (project athena intended you to use kerberos for that))

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
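
The merge step suggested earlier in the thread (copy the primary's access file to the secondary, then merge both files before building access.db), as an added example that is not part of the original messages. The file names, the "local entries win on duplicate keys" rule and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: merge the secondary's own access file with the copy
# fetched from the primary, ready to be fed to makemap.
# Assumptions: hypothetical file names; local entries win on duplicate keys.

merge_access() {
    local_file=$1
    primary_copy=$2
    # A failed scp/rsync must not silently drop the primary's entries:
    # refuse to merge so the caller keeps the previous access.db.
    if [ ! -s "$primary_copy" ]; then
        echo "merge_access: $primary_copy missing or empty" >&2
        return 1
    fi
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF < 2 { print "skipping: " $0 > "/dev/stderr"; next }
        {
            key = tolower($1)              # makemap folds keys to lower case by default
            if (key in seen) next          # first file (local) wins
            seen[key] = 1
            print
        }
    ' "$local_file" "$primary_copy"
}

# Runs the merge over constructed sample data (not real recipients).
demo_merge() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# secondary (local) entries' \
        'To:bob@b.example RELAY' \
        'To:Dup@a.example RELAY' > "$d/access.local"
    printf '%s\n' 'To:alice@a.example RELAY' \
        'To:dup@a.example REJECT' \
        '' \
        'To:a.example ERROR:5.1.1:550 User unknown' > "$d/access.primary"
    merge_access "$d/access.local" "$d/access.primary"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Typical periodic use (hypothetical paths, not run here):
#   merge_access access.local access.primary > access.new &&
#       makemap hash access.new < access.new && mv access.new.db access.db
```

Because the merge refuses to run on a missing or empty primary copy, a broken transfer leaves the previously built access.db in place instead of replacing it with a map that lacks the primary's recipients.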